user1059439

Reputation: 11

OpenSSL secure renegotiation failed

I was using OpenSSL 1.0.0e on both client and server to do the test, but I got an error message when testing secure renegotiation.

    $ openssl s_client -connect 192.168.1.99:443 -tls1
    ...
    Secure Renegotiation IS supported
    ...
    R
    RENEGOTIATING
    140501522626208:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:591:

Upvotes: 1

Views: 12391

Answers (1)

Nikola Rupev

Reputation: 41

To understand the issue in a bit more detail here is some relevant information:

The official description:

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

Details about the CVE and affected versions:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555

A thorough explanation of the vulnerability, its symptoms and possible solutions:
http://www.g-sec.lu/practicaltls.pdf

So, to sum up the vulnerability requirements, the preconditions for a TLS or SSLv3 connection to be vulnerable are:

1. The server acknowledges and accepts full TLS renegotiations in the middle of a connection and after the initial handshake

and

2. The server assumes that both TLS sessions were negotiated with the same client

and

3. The server treats both sessions as one and merges them at the application layer

That being said, based on the requirements above a test against the server on port 443 shows that renegotiation is not allowed:

Generic Example Of A Vulnerable Server

    openssl s_client -connect yourserver.com:443
    GET / HTTP/1.0
    Host:yourserver.com
    R (Triggers renegotiation – if this works, the server accepts renegotiations
    within an existing TLS session Req. #1)
    CRLF
    <server responds with content> (server merged both sessions Req. #2)

Protected server

    openssl s_client -connect yourserver.com:443
    R (Triggers renegotiation)
    2860:error:1409444C:SSL routines:SSL3_READ_BYTES:tlsv1 alert no renegotiation:./ ssl/s3_pkt.c:1053:SSL alert number 100

Cheers!

Upvotes: 4
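
The manual check described in the answer, as an added example that is not part of the original post: a shell helper that classifies a saved `openssl s_client` transcript in which `R` was typed. The function name `classify_reneg`, the verdict strings and the sample transcripts are constructed for illustration, and treating the absence of an error after `RENEGOTIATING` as acceptance is an assumption.

```shell
#!/bin/sh
# Added example: classify an `openssl s_client` transcript in which "R" was typed.
# classify_reneg is a hypothetical helper name; it reads the transcript on stdin.

classify_reneg() {
    transcript=$(cat)

    # Status line printed after the initial handshake: does the peer
    # advertise the RFC 5746 renegotiation_info extension?
    case $transcript in
        *"Secure Renegotiation IS NOT supported"*) ext=no ;;
        *"Secure Renegotiation IS supported"*)     ext=yes ;;
        *)                                         ext=unknown ;;
    esac

    # s_client prints RENEGOTIATING when "R" is typed; only what follows matters.
    case $transcript in
        *RENEGOTIATING*) after=${transcript#*RENEGOTIATING} ;;
        *) echo "ext=$ext reneg=not-attempted"; return 0 ;;
    esac

    case $after in
        *"alert no renegotiation"*) reneg=refused ;;   # server sent alert 100
        *"handshake failure"*)      reneg=failed ;;    # handshake aborted
        *":error:"*)                reneg=error ;;     # any other OpenSSL error
        *)                          reneg=accepted ;;  # assumption: no error means it completed
    esac
    echo "ext=$ext reneg=$reneg"
}

# Constructed transcripts, modelled on the output quoted on this page.
QUESTION_CASE='Secure Renegotiation IS supported
R
RENEGOTIATING
140501522626208:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:591:'

REFUSED_CASE='Secure Renegotiation IS supported
R
RENEGOTIATING
2860:error:1409444C:SSL routines:SSL3_READ_BYTES:tlsv1 alert no renegotiation:s3_pkt.c:1053:SSL alert number 100'

LEGACY_ACCEPTED_CASE='Secure Renegotiation IS NOT supported
GET / HTTP/1.0
R
RENEGOTIATING
HTTP/1.1 200 OK'

printf '%s\n' "$QUESTION_CASE"        | classify_reneg
printf '%s\n' "$REFUSED_CASE"         | classify_reneg
printf '%s\n' "$LEGACY_ACCEPTED_CASE" | classify_reneg
```

A result of `ext=no reneg=accepted` is the combination that matches precondition 1 in the answer without the secure renegotiation extension; the other verdicts indicate the server either advertises the extension or did not complete the renegotiation.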
